Re: Empty Sites in AD

From: DRATliff <ninjarat@xxxxxxxxxxxxx>
Date: Tue, 30 Sep 2008 10:20:01 -0700

Sorry for the delayed response. Jorge, I wasn't intending to discount what
you originally stated on the site-aware services. In all honesty, I was
entirely focused on domain controller availability, and your point just
didn't register.

However, over the weekend I did additional research, and learned that
Microsoft's recommendation is to have a Site for every subnet. Basically,
Sites should mimic the network typology. Is this agreeable?

Also, presuming there are site-aware services, such as DFS (something that
needs to be re-vamped in our org), and I remove the DCs, how do I optimize
authentication traffic for site without DCs? Or is authentication traffic a
non-issue from a performance perspective?

Essentially, I'm going to re-focus my efforts on the following tasks:

1. Remove any Sites that are no longer utilized (I have 29 so far)
2. Demote DCs that are located in Sites without secure access.
3. For Sites that are secured and require high-availability, look to make
redundant services that are required, in the event of a WAN link dropping.

Again, thanks for the assistance.

Dave
"Jorge de Almeida Pinto [MVP - DS]" wrote:

like I said before....

No site-aware services? --> remove that site and add subnets to HUB site
You do have site aware services? --> keep the site with the subnets in AD

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"DRATliff" <ninjarat@xxxxxxxxxxxxx> wrote in message
news:9F562585-3428-4185-A7DF-1CCCD4045D5B@xxxxxxxxxxxxxxxx

Thanks for everyone's input. Allow me to add an additional twist to the
original question.

I've done some additional analysis of the environment, and have found
approx. 60 sites that exist with Subnets defined but no DC. Correct me if
I'm wrong, but wouldn't this cause problems, because clients would
randomly
go to other sites for authentication? My thought would be to create one
or
more hub sites (provided they have a large enough pipe), and assign the
subnets to these hubs. From reading Microsoft's Branch Office Deployment
Guide, this seems to make sense.

And as Jorge pointed out, we also have SMS and DFS sites. In sites with
DCs, the DCs pull triple duty as SMS and DFS sites. If I demote the
servers
and leave them as Member servers, as I'm hoping to do, how should I
re-arrange the sites?

Lastly, can anyone point me to a Sites and Services Best Practice guide?
I've found bits and pieces, but not one concise guide. I'm aware of the
basics, such as number of users, available bandwidth and server security.
And
for the record, I'm inheriting this environment and it's not how I would
have
gone about implementing; I'm just looking to improve and simplify the
environment.

Thanks again,

"David Shen [MSFT]" wrote:

Hello Jorge,

Thanks for the knowledge sharing.

David Shen
Microsoft Online Partner Support

Follow-Ups:
- Re: Empty Sites in AD
  - From: Jorge de Almeida Pinto [MVP - DS]

References:
- Empty Sites in AD
  - From: DRATliff
- Re: Empty Sites in AD
  - From: Jorge de Almeida Pinto [MVP - DS]
- Re: Empty Sites in AD
  - From: David Shen [MSFT]
- Re: Empty Sites in AD
  - From: DRATliff
- Re: Empty Sites in AD
  - From: Jorge de Almeida Pinto [MVP - DS]

Prev by Date: Re: machine account passwords can't be reset
Next by Date: Re: Access denied adding network printers fronm trusted domain.
Previous by thread: Re: Empty Sites in AD
Next by thread: Re: Empty Sites in AD
Index(es):
- Date
- Thread

Relevant Pages

Re: Active Directory problem
... I.e the sites and the subnets. ... > You might also want to configure the DCs in the branch offices not to ... all DCs that have registered the domain wide service records, ... >> pointing to the correct domain controller). ...
(microsoft.public.windows.server.dns)
Re: Bridge All Site Links - [WP]
... I double checked my subnets and few were missing and I have added them ... "Jorge Silva" wrote: ... topology issue and and not related with Authentication. ... Users are getting authenticated from different DCs 2003 all over the ...
(microsoft.public.windows.server.active_directory)
Re: Empty Sites in AD
... HUB site with three DCs. ... The subnets in the Branch Office are linked to the Branch Office site ... DCs in the HUB site "see" the Branch Office site does not contain any DCs. ...
(microsoft.public.windows.server.active_directory)
Re: Empty Sites in AD
... HUB site with three DCs. ... The subnets in the HUB are linked to the HUB site ... Branch Office Site with NO Dc. ... DCs in the HUB site "see" the Branch Office site does not contain any DCs. ...
(microsoft.public.windows.server.active_directory)
Re: AD disaster recovery
... If you have three DCs for one domain then you are already way ahead of the ... As to the FSMO Roles: if you were to seize the roles that the crashed DC ... If you are going to introduce a WIN2003 server and make that a DC in a ... WIN2000 AD environment then you will need to run adprep. ...
(microsoft.public.windows.server.active_directory)